Tomcat error: Error parsing HTTP request header

Mr-想 posted on 2017/02/23 13:48

tomcat 7.0.75, jdk1.7.0.80. While running, it reports the error: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

信息: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
	at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:189)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1000)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Tomcat configuration:

<Connector 
   	connectionTimeout="20000" 
   	port="8080" 
   	protocol="HTTP/1.1" 
   	redirectPort="8443"
  	URIEncoding="UTF-8"
/>

头号大宝贝

I've heard that switching Tomcat versions can solve this problem.

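Mr-想
I read online that after tomcat 8.0.38 restrictions were added on request parameters, so requests with JSON-format parameters can't get through, but my 7 doesn't work either. Switching back to the project's original tomcat does work. I'd like to know what exactly the problem is, and whether it can be solved through Tomcat configuration.

习静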

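Experts, I've run into the same problem. How exactly did you solve it? If it means changing the Tomcat version, which specific version should I change to? Waiting online!!!!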

cdtary

https://tomcat.apache.org/security-7.html

Apache Tomcat 7.0.73 fixed CVE-2016-6816. You just need to encode certain characters, such as {, }, [, ] and so on.

Important: Information Disclosure CVE-2016-6816:

The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
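
An added example (not part of the thread and not Tomcat's own code) of the client-side fix cdtary describes: it checks a request target against the RFC 3986 path and query grammar and builds a percent-encoded target instead. The path `/api/search` and the `filter` parameter are constructed sample values, and the check follows the RFC grammar rather than the exact character set of any particular Tomcat version.

```javascript
// RFC 3986 character check for an origin-form request target
// (path + optional query), plus construction with percent-encoding.
// Follows the RFC grammar; an assumption, not Tomcat's parser code.

// pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
const PCHAR = /[A-Za-z0-9\-._~!$&'()*+,;=:@]/;

// Return every character that may not appear raw in the target.
function findInvalidTargetChars(target) {
  const problems = [];
  const q = target.indexOf("?"); // first "?" separates path and query
  for (let i = 0; i < target.length; i++) {
    const ch = target[i];
    if (ch === "%") {
      // "%" is valid only as the start of a two-hex-digit escape.
      if (/^[0-9A-Fa-f]{2}$/.test(target.slice(i + 1, i + 3))) {
        i += 2;
        continue;
      }
      problems.push({ index: i, char: ch });
      continue;
    }
    const inQuery = q !== -1 && i > q;
    const ok =
      PCHAR.test(ch) || ch === "/" || i === q || (inQuery && ch === "?");
    if (!ok) problems.push({ index: i, char: ch });
  }
  return problems;
}

// Build a target from a path and query parameters. encodeURIComponent
// percent-encodes { } [ ] " space and non-ASCII (as UTF-8).
function buildTarget(path, params) {
  const query = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
  return query ? path + "?" + query : path;
}

// Constructed sample: JSON passed raw in the query string.
const raw = '/api/search?filter={"ids":[1,2]}';
const safe = buildTarget("/api/search", { filter: '{"ids":[1,2]}' });

console.log(findInvalidTargetChars(raw).map((p) => p.char).join(" "));
console.log(safe, findInvalidTargetChars(safe).length);
```

The server then receives the original JSON after normal URL decoding of the `filter` parameter, so no parser setting has to be loosened.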
